Threat Encyclopedia

Selected viruses, spyware, and other threats: sorted alphabetically

Commander Bomber

This is a resident, polymorphicCOM infector. It does not attack COMMAND.COM. When an infected file is executed the virus becomes memory resident below the 640 KB boundary and hooks the interrupt INT 21h vector. When an appropriate COM file is executes the virus attacks it. The way of infecting files was unique at the time of the virus origin. From a file it reads a 4096 bytes long area, starting at any position and writes it to the end of the file. Into the “protected” area formed in this way the virus writes its body. After that the virus generates small fragments of code to various positions in the infected file. It saves the original contents of locations where the virus code fragment is located. The first fragment is at the beginning of the file and it gives over the control to another fragment. Individual fragments are interconnected by instructions JMP, CALL, RET, RET word. The last fragment gives the control over to the virus code. The author of this virus is widely known under the nickname Dark Avenger and he comes from Bulgaria. He is the author of several viruses which served from the technical point of view as an inspiration for other authors of viruses.